The recent events surrounding Edward Snowden and the NSA surveillance program are bringing domestic law enforcement surveillance into the public consciousness. In particular, the implications of Automated License Plate Readers (ALPRs), used by law enforcement agencies all over the country, are being reevaluated.

The recently implemented technology consists of a camera linked to a processing unit that uses algorithms to separate the numbers and letters of a vehicle’s license plate from the surrounding image. Once a plate is scanned, it is saved to a database along with GPS coordinates, the date and time, and a photo of the vehicle at the time it was scanned. Available in sizes as small as a paperback novel, these units can be mounted next to red light cameras, positioned at key points of interest, or even installed on police cruisers for mobile use.

An ALPR mounted on a police cruiser can scan up to 1,800 license plates per minute–while traveling at speeds of up to 120 miles per hour or more. An average officer can scan over 14,000 plates in a single shift. The boon to law enforcement is obvious: by cross-referencing scanned plates with police databases, officers can track down stolen vehicles, find vehicles identified in an AMBER alert, or locate people with outstanding warrants, just by driving around. And the law enforcement community is catching on: in 2007, almost half [PDF] of large law enforcement agencies used ALPRs on a regular basis.

Stages of License Plate Recognition

While the new technology clearly has advantages, controversy arises when a plate is scanned, cross-referenced, and comes up with nothing. If the data is then deleted or stored only for a short period of time, few would object. That, however, is not usually the case. An LA county has begun storing data fortwo years, regardless of whether the driver has done anything wrong. And some agencies are keeping the data indefinitely. While a simple scan may seem innocuous, this data could reveal a troubling amount of information about people who are not even suspected of committing a crime. Consider intimate details like visiting addiction counseling, doctor’s offices, activist groups, or cabarets. If there were a stationary camera along your daily commute, police would know which days you went into work late or stayed home sick. They could even position an ALPR in front of the parking garage of an event or rally and build a highly accurate guest list.

Police claim that ALPR systems are completely legal because they are scanning license plates in public and are no different from an officer recording license plate, time, and location information by hand. The ACLU and EFF disagree, and recently filed suit in California state court against two Los Angeles law enforcement agencies after they failed to respond to requests for information on how the agencies use ALPRs to track Americans’ movements. See the complaint here.

These readers may raise some constitutional issues. The Fourth Amendment protects you against searches only if you have a reasonable expectation of privacy. When you pull out of your garage, there is certainly no reasonable expectation that a license plate is private. However, there may still be a “reasonable expectation” that you will not be tracked everywhere you go. In his concurrence in United States v. Jones, 132 S.Ct. 945 (2012), Justice Alito wrote that “society’s expectation has been that law enforcement agents and others would not—and indeed, in the main, simply could not—secretly monitor and catalogue every single movement of an individual’s car for a very long period.”

According to a June 2012 story in LA Weekly, Los Angeles sheriff and police departments conduct approximately 22 scans for every one of the 7 million vehicles registered in LA County. With that much surveillance, this seemingly innocuous license plate reading is far more than an officer recording information by hand. And these privacy concerns haven’t gone unrecognized–Maine, New Jersey, and Virginia have limited the use of ALPRs, and New Hampshire has banned them outright.

At the very least, this new technology warrants regulation. Perhaps the answer is a specified time limit on stored data for people not suspected of committing a crime, or a warrant required to store data past a certain time frame. It remains to be seen whether law enforcement agencies can take advantage of this new crime-fighting tool without severely implicating privacy concerns.

Jeff raises an interesting point about how and where the devices are deployed. I think there is a real concern if the devices are hidden and data retention is over 48 hours. If the data is going to be stored for longer periods of time, the public has a right to know where the devices are located. While signs indicating the location of devices may deter thieves from driving down certain roads, there are other ways for law enforcement to recover stolen vehicles and make arrests – like how they did pre-ALPRs. So I agree that some sort of data retention policy is necessary, especially in light of an individual’s 4th Amendment right to privacy.

Michael, you draw an interesting parallel to the Snowden metadata. I wonder how comfortable we would be with keeping that information indefinitely if officials could only access it with a warrant? I’d also be interested in the decision-making process for deciding where to deploy the devices. Conspicuous and covert surveillance have different effects and raise different concerns for me, and it seems like this technology could be deployed either way.

It seems that some type of data retention policy must be mandated. I would argue that deleting it immediately after scanning would be the most appropriate, however retention for 24-48 hours may be reasonable if it is used to cross-reference additional databases and records not hit on the first scan. Regardless, there is no reason to keep this information for a longer period of time.

The tracking seems similar to the gps and cell tower tracking that mobile phone companies use. However, those companies have a legitimate reason for recording and keeping that data (predicting traffic and bandwidth) and law enforcement require a warrant to gain access. Unfortunately, that too has fallen victim to a loophole when officers use a Stingray device.

Whether it is a plate scanner or a stingray device, retention of this information by law enforcement cannot be justified.

Thanks for the insightful comment, J.P. I agree that the new devices should be regulated in proportion with their benefit, but that is a difficult balance to strike, that depends largely on the value we place on privacy. Unsurprisingly, law enforcement agencies universally report increased arrest rates, stolen vehicle recoveries , etc., but to my knowledge there has yet to be an independent empirical study of the marginal benefit of the devices.

At the risk of using a law school cliché, “where do we draw the line?”

Personally, I would consider a strict purge of data 24 hours after capture for plates that don’t match a police database.

I wonder how substantial the benefits of these ALPRs are compared to those law enforcement departments that are not using the technology. If it is the case that ALPRs help resolve 10x more AMBER alert cases or retrieve 10x stolen cars, there is a stronger argument for the type of privacy intrusion we’re experiencing, and excess regulation might not be in the cards. On the other hand–and I think this is probably the case–if there is not such a substantial tangible public benefit, regulation is necessary.

I may just start getting license plates created by CAPTCHA. Take that, ALPRs. I can’t even read the things.